Problem/Motivation

We are not seeing the Last Access timestamp get updated on the People/User list view after successfully logging into our test environment using SAML Auth module via dev IDP app.

Steps to reproduce

We setup our dev environment with the proper SAML config under SAML Auth settings and can successfully login via our Okta dev app.

Oddly, after login I'm not seeing the Last Access time stamp change for that test user. Any thoughts as to what might be causing this issue? Example attached for the user "DKunkel@doc.gov" where I logged in and it still showed my last access as 2 months 3 weeks ago.

Proposed resolution

CommentFileSizeAuthor
Screenshot 2026-05-19 124820.png39.97 KBdak5859

Comments

dak5859 created an issue. See original summary.

roderik’s picture

roderik
Primary language Dutch
Location Amsterdam,NL / Budapest,HU
commented
Status: Active » Postponed (maintainer needs more info)

Note that the Drupal Core part of the login process is doing the timestamp-setting; not the samlauth module. I don't know what's the issue, but - two things to consider:

1)
My first thought is: are you really logging into Drupal? If you're hitting the IdP -> samlauth ACS endpoint but then it turns out you're already logged into Drupal... you're not actually being logged in, and the timestamp is not updated. I see that as "same behavior as Drupal Core": if you're already logged in and then browse to /user/login, the timestamp is also not updated.

I get that "2 months 3 weeks ago" is a long time, so that's probably not it. But it's the most obvious explanation, to mention first. (If it is: let's convert this to a 'Support Request' and keep it open, it's has a good issue title.)

If you do have a reason to have the timestamp updated every time a user enters through the ACS (as opposed to actually logging in to Drupal)... that would be an extra configurable option (or local patch).

2)
Debug.

The code path from /samlauth/acs is:

  • SamlService::acs() -> inescapably calls SamlService::doLogin(),
  • which contains two calls to ExternalAuth::userLoginFinalize() (one for new users, one for existing users)
  • which calls user_login_finalize(), first thing,
  • which updates the timestamp, first thing.

So I actually don't know how you could log in but not have the timestamp updated.

dak5859’s picture

dak5859 commented

@roderik Thanks for taking the time to provide some feedback so quickly. I think I just found the issue on our end. It was related to some of our nginx config used for changing the login path on our previous use of simplesamlphp_auth from /saml_login to /login. When updating that config to use the SAML Auth path (/saml/login) and logging into our dev environment at /login - I'm now seeing an accurate Last Access time stamp. I will edit this issue to mark it as a "Support Request" vs bug and close.

dak5859’s picture

dak5859 commented
Category: Bug report » Support request
Status: Postponed (maintainer needs more info) » Fixed

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.